Folks,
As promised, we wish to reprise the voting procedures from the first round vote, modified slightly for the second round of voting.
As before, this email will be posted on the CVE web site and other locations to ensure we don't miss any Board members due to outdated contact info, etc. If
you are a CVE Editorial Board member and did not read this email on the cve-editorial-board list, please contact us immediately so we can update your contact
info.
The timeline for the second round of voting is as follows (all dates and times are US EDT):
- Tuesday, 7 May 2013, 11:59 PM - Second discussion period closes
- Wednesday, 8 May 2013, 12:01 AM - Second official voting period begins
- Wednesday, 22 May 2013, 11:59 PM - Second official voting period ends
Incorporating comments received and based on further discussion, we will conduct the second round of voting much the same as the first round, with the
obvious change that there will only be two options to vote on. More information about the major points follows the list.
1. The voting process should be completely open and public, and will be posted and archived on the CVE web site.
2. Voters must list a first and second choice and clearly indicate which option is the first choice and which is the second.
3. All votes must include a short write up of the reason(s) for supporting or not supporting each of the two options.
4. Only votes received by the mailing list before midnight US EDT on Wednesday, May 22, 2013 will be counted.
5. Only one vote per organization will be accepted, regardless of how many eligible voting members are in a specific organization.
6. If more than one Board member from the same organization votes, only the first vote received will be counted.
7. Some Board members are excluded from the vote for other reasons - details are in the list of Board members (below).
8. No changes to a vote will be accepted; no reclama.
9. At least a simple majority of the eligible Editorial Board members is required for the overall vote to be declared valid.
10. At least a simple majority of the votes cast is required for either option to be selected.
1. Open voting process
------------------------------
All votes and comments will be sent to the Editorial Board list and will be copied to the CVE web site.
2. Voters must list a first and second choice
----------------------------------------------------------
Each voting member is again asked to indicate a first and second choice (including a comment for each, see #3) and clearly indicate which option is their
first choice and which is their second choice.
3. Reason(s) for or against each option
--------------------------------------------------
A short write up or comment for/against each option is required as part of the vote, i.e., for both options. This was requested by Board members, and will
capture both the votes and reasons for the votes for the archive.
4. Only votes with a timestamp before midnight US EDT on Wednesday, May 22, 2013 .
-----------------------------------------------------------------------
If a vote is received at or later than 00:00:00 US EDT Thursday, May 23, 2013 it will not be counted. If a member wants to ensure that their vote will be
counted, they need to take into account the many kinds of delays that may occur between hitting "send" and receipt. The only exception to this condition will
be if the mailing list is unavailable.
5., 6. Only one vote per organization; first vote counts
-----------------------------------------------------------------------
Board members from the same organization should coordinate their organization's vote. In the event of duplicate submissions from the same organization, only
the first vote received will be accepted.
7. Some Board members are excluded from the vote for other reasons
--------------------------------------------------------------------------------------------
Other conditions or circumstance may obviate a Board member's vote. These cases are noted (below).
8. No changes to a second-round vote will be accepted once a vote has been cast.
-----------------------------------------------------
Each Board member may vote in this second round as they see fit, irrespective of their first round vote. Your first vote cast in the second round is the only
vote that counts.
9. At least a simple majority of the eligible Editorial Board members is required for the overall vote to be declared valid.
-------------------------------------------------------------------------------------------------------------------------------------------------------------
The overall vote will not be accepted as valid unless at least a simple majority of the eligible Board Members votes. As of this email, we believe there are
23 CVE Editorial Board members/organizations that are eligible to vote (list below), which means there must be at least 12 votes cast in total for the
overall vote to be declared valid. Please note that this is 12 votes *total*, not 12 votes for a specific option.
10. At least a simple majority of the votes cast is required for any option to be selected.
------------------------------------------------------------------------------------------------------------------
Please take careful note of this statement. Although a simple majority of the eligible Board members must cast a vote for the overall vote to be declared
valid, only a simple majority *of_the_valid_votes_cast* is required for an option to be selected. Please note that this means that if, for example, only a
total of 12 votes are received, it will only require 7 votes for either option to be selected.
********************************************************
Current CVE Editorial Board Members eligible to vote
If you believe you are eligible to vote and are not listed below, please contact us immediately at cve@mitre.org.
Name Org
--------------------------------------------------------------
Ken Williams CA
Andy Balinsky Cisco
Ken Armstrong EWA-Canada
Bill Wall Harris STAT
Jimmy Alderson or Troy Bollinger IBM
Tim Collins Independent
Al Huger Independent
Tim Keanini Independent
Scott Lawler Lightspeed
Kent Landfield McAfee
Adam Shostack Microsoft
Steve Christey MITRE
Harold Booth or Peter Mell NIST
Russ Cooper NTBugtraq
Brian Martin OSVDB
Pascal Meunier or Gene Spafford Purdue
Mark Cox Red Hat
Carsten Eiram Risk Based Security
Alan Paller SANS
Casper Dik Oracle (Sun)
Mike Prosser Symantec
Matt Bishop UC Davis
Art Manion US-CERT
Other Board members who are listed on the CVE web page but are not eligible to vote include other MITRE staff (Steve Christey holds the official MITRE vote);
Tom Stracener is excluded (although he is Independent) because he is currently on contract with MITRE.
Please let us know immediately of any thoughts, comments or concerns.
We deeply appreciate the involvement and participation of the Editorial Board throughout the discussion and voting of this important change for CVE and in
the upcoming vote.
Best Regards,
The MITRE CVE Team